Re: [pyOpenSSL] [pyopenssl-list] x509req Object set_subject

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On Thu, 3 Jul 2008 15:22:29 +0300, BRACHET Maxime <mi...@gm...> wrote:
>Hi,
>
>> Hi every body,
>>
>> I am new to this mailing list.
>> I have a quite simple problem,
>> I get a Certificate Request form a MyProxy server to sign it in order to
>> create a Proxy certificate.
>> But I must overwrite the subject of the MyProxy request to fulfill the
>> requirements.
>> I get the Request in a x509req Object, but this object does not provide a
>> method like set_subject().
>>
>> How can I do ?
>
>It seems that I misunderstand what to do.
>I create a new x509 certificate using request informations, but I need to
>add a CN to my subject and the x509Name does not provide any methods to do
>this.
>Any ideas ?

X509Name instances can have attributes like CN set on them directly:

    >>> from OpenSSL.crypto import X509
    >>> cert = X509()
    >>> cert.get_subject().CN = 'foo'
    >>> cert.get_subject()
    <X509Name object '/CN=foo'>

It doesn't seem correct that you need to change anything about the X509Req,
though.  If it has the wrong parameters, then it needs to be regenerated by
the MyProxy server/user (I don't know what MyProxy is).  If you change it
and sign the result, then it will disagree with the private part which was
generated along with it.

Jean-Paul